Solved

What is the best way to connect our Windows 2008 SBS with another Windows 2008 Enterprise Server at a Branch Office?

Posted on 2011-09-29
Last Modified: 2012-05-12
Good evening.

We have our main server which is a Windows 2008 SBS and is our Domain Controller. We'd like to connect our Branch Office which has a Windows 2008 Enterprise server as a read-only active directory setup.

Is this possible without current server OS setup? We are using LogMeIn Hamachi as a VPN solution. Any advice will be greatly appreciated!

Thanks
Question by:Poly11
LVL 77

Expert Comment

by:Rob Williams
ID: 36818452
Hamachi can be used but it is not the most stable VPN solution and uses dynamic IP addressing for the tunnel creation. I would recommend using two VPN routers which start at about $150 for a unit like a Netgear FVS318 or Linksys/Cisco RV042.

You mention the remote server is a read only DC? Is it a member of the SBS domain? If so you are already connected. If a member of another domain you cannot create a trust with the SBS. Perhaps if you could provide more details.

Author Comment

by:Poly11
ID: 36891615
Hi RobWill.

Thanks for the quick response. The remote server is a member of the SBS domain, at least it was before it was relocated to the branch office. I have opened the LDAP port on the firewall to allow the incoming and outgoing traffic, but I am still receiving NETLOGON errors in the event log of the remote server. The following is the error:

This computer was not able to set up a secure session with a domain controller in domain DOMAIN due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

I can't open the Active Directory Users and Groups because it says the server is not operational. I have also opened the LDAP port on the firewall for the branch office. Are there other ports that should be opened?

I will try and convince the powers that be that a VPN hardware solution is recommended, however they love Hamachi because of its ease of use and central management capability. We have the paid version of LogMeIn Central which gives us use of Hamachi. I haven't noticed any IP addresses change over the past year.

Could you please let me know if it's possible to get both domain controllers remotely connected with what we have? Thanks again.
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 36892325
-A VPN should allow all traffic, so that shouldn't be an issue.
-The remote site must use a different subnet, does it?
-Because it is a different subnet some windows services may not work. The default configuration in the Windows firewall for some services is to only allow access from the local subnet. To test this I would disable the Windows firewalls. If that resolves the problem we can proceed from there.
-I suspect though the issue is the routing. The remote server must see the SBS as its ONLY DNS server. Can the remote server ping the SBS? If not you may need to add static routes. If so this is why you need a pair of VPN routers. The static route would point to the Hamachi IP as the gateway. Hamachi assigns dynamic IPs so this is always changing, though you say you haven't seen any changes.
-Once the remote server can access the SBS you need to add the remote site and subnet in Active Directory sites and services, but I think the routing is the primary concern.

Let me know if the firewall makes a difference and if you can ping the SBS. If not I can supply routes to add.
Again the remote server can point only to the SBS, do not add local or ISP's DNS servers to the NIC configuration, they can be added as forwarders.
LVL 9

Expert Comment

by:tsaico
ID: 36906538
I have found Hamachi doesn't consistently work for network to network traffic. The best way I have seen is firewall to firewall (point to point) setups. Then the two can act as the routers and gateways to route traffic through the right subnets. Most of them also won't allow you to use overlapping subnets, which will help you keep things as standard as possible. For ease, I have seen two Untangle firewalls work well (one is set as server, you then make a file to bring to the other one to make it a client, the app does all the configuring for you). I myself like the SonicWalls and found they work really well also.

In regards to the routing, I also agree. Often what you will see is something like unqualified lookups don't work. For example, pinging server1 does not work, but server1.domain.local will, or by IP will.
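As an added example (not posted by anyone in this thread), here is a PowerShell diagnostic that runs, from the remote DC, the checks Rob Williams lists in the accepted solution plus tsaico's short-name versus FQDN resolution point. The SBS IP, SBS FQDN and domain name are assumed placeholders; it sticks to PowerShell 2.0 features so it runs on Server 2008.

```powershell
# Added diagnostic script, not from the thread. Run on the remote (branch) DC.
# Assumed placeholder values: replace with your own before running.
$SbsIp   = "10.0.1.5"          # assumed LAN IP of the SBS
$SbsFqdn = "sbs.domain.local"  # assumed FQDN of the SBS
$Domain  = "domain.local"      # assumed AD DNS domain name

# 1. Every enabled adapter must list the SBS as its ONLY DNS server.
#    ISP or local DNS belongs in the SBS forwarders list, not on the NIC.
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled }
foreach ($nic in $nics) {
    $dns = @($nic.DNSServerSearchOrder)
    if ($dns.Count -ne 1 -or $dns[0] -ne $SbsIp) {
        Write-Warning "$($nic.Description): DNS = $($dns -join ', ') (expected only $SbsIp)"
    } else {
        Write-Host "$($nic.Description): DNS OK"
    }
}

# 2. Basic reachability across the tunnel. If this fails, fix routing first
#    (a static route to the SBS subnet via the tunnel gateway).
if (Test-Connection -ComputerName $SbsIp -Count 2 -Quiet) {
    Write-Host "Ping $SbsIp OK"
} else {
    Write-Warning "Cannot ping $SbsIp - routing to the SBS subnet is the first problem"
}

# 3. TCP ports a DC needs to reach another DC for the secure channel and
#    replication. TcpClient is used because Test-NetConnection does not
#    exist on Server 2008. LDAP alone (the port the poster opened) is not enough.
$ports = @{ 'RPC endpoint mapper' = 135; 'Kerberos' = 88; 'LDAP' = 389;
            'SMB' = 445; 'Global Catalog' = 3268 }
foreach ($name in $ports.Keys) {
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect($SbsIp, $ports[$name]); Write-Host "$name ($($ports[$name])) open" }
    catch   { Write-Warning "$name ($($ports[$name])) blocked or unreachable" }
    finally { $client.Close() }
}

# 4. Name resolution: the short name and the FQDN should both resolve; a
#    failing short name usually means a missing DNS suffix on the remote NIC.
foreach ($n in @($SbsFqdn.Split('.')[0], $SbsFqdn)) {
    try   { [System.Net.Dns]::GetHostAddresses($n) | Out-Null; Write-Host "Resolve $n OK" }
    catch { Write-Warning "Cannot resolve $n" }
}

# 5. Finally, ask the DC locator to find a DC for the domain and show which one.
nltest /dsgetdc:$Domain /force
```

Any warning this prints corresponds to one of the items in the accepted solution; clear them in order (DNS, routing, ports, then Sites and Services) before revisiting the NETLOGON errors.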

Author Closing Comment

by:Poly11
ID: 36954643
Since the recommended changes, Hamachi has been working like a charm. Thanks again, Rob Will!
